General
- Target: 4af227e5b7cfc0a16a04fe44bf127bbb645e0d90237175443ee89de69c244118
- Size: 342KB
- Sample: 231206-epnhnsba76
- MD5: 25eeb351be26a93f8e5b38d76b12e1e2
- SHA1: 11826e12ba730aa1274efc3520656748e867c68e
- SHA256: 4af227e5b7cfc0a16a04fe44bf127bbb645e0d90237175443ee89de69c244118
- SHA512: 7ebbd478f2c81db2598ffd036c67faa346646cd504fc0fd987215102edc56f7ffb65e768bc6d65aea631a91b36a27f6106b17abe7d86fdd2c9a2687cdfc13996
- SSDEEP: 6144:zNAbcrRg2uoRfk8p6/JWhFKmFwGKG2f2KKBP1T8RiGwr+cra6gYm:pjduoRs80/JWemCX9HR/Ebu
Static task: static1
Behavioral task: behavioral1
- Sample: Qrguhetr.exe
- Resource: win7-20231201-en
Behavioral task: behavioral2
- Sample: Qrguhetr.exe
- Resource: win10v2004-20231130-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.sturmsgroup.com
- Port: 587
- Username: [email protected]
- Password: hs_B2R1px4ASsOhR
- Email To: [email protected]
Targets
- Target: Qrguhetr.exe
- Size: 359KB
- MD5: 54a67d96afdf8ad86bc42e04274fb255
- SHA1: 7c9d591d4f6fd446dc4413e763efd8af78cc0dab
- SHA256: b4ac3ee481fb4c75763858cedd0196f8e551acae75e16f7ce93907fb0d2e243f
- SHA512: d79dc62898a52d9b190a778c579935c181370354477a2a2513d3db9ce433e25adc28967fcbdf07d7ab296695e6cd806bf7625393aaf01d96efe9472e1dab60e2
- SSDEEP: 6144:ilUueprpg8uoRfO8p6/nWhFKmFwYKk2f2KKBP1TERiGwJ+cra6l3Rh:iSV5uoRG80/nWemCVr5RvEbl3Rh
- Score: 10/10
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Suspicious use of SetThreadContext